History: Feb 16, 2023 - 6:05 p.m.

CVE-2021-42761

2023-02-16 18:05:36
CWE-384
fortinet
www.cve.org
fortiweb
session fixation
vulnerability

CVSS3: 9 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C

AI Score: 9.7 High (Confidence: High)

EPSS: 0.003 Low (Percentile: 66.0%)

A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiWeb",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.3.0",
        "lessThanOrEqual": "6.3.16",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.2.0",
        "lessThanOrEqual": "6.2.6",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.1.0",
        "lessThanOrEqual": "6.1.2",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.0.0",
        "lessThanOrEqual": "6.0.7",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "5.9.0",
        "lessThanOrEqual": "5.9.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "5.8.5",
        "lessThanOrEqual": "5.8.7",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "5.8.0",
        "lessThanOrEqual": "5.8.3",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "5.7.0",
        "lessThanOrEqual": "5.7.3",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "5.6.0",
        "lessThanOrEqual": "5.6.2",
        "status": "affected"
      }
    ]
  }
]
